Distinguish ghost/impersonate logins from others

2022-07-29 20:39:18 +02:00
parent 612b1d6030
commit 6715efca50
4 changed files with 5 additions and 4 deletions
--- a/src/routes/cloudron.js
+++ b/src/routes/cloudron.js
@@ -63,7 +63,7 @@ async function login(req, res, next) {
    [error, token] = await safe(tokens.add({ clientId: type, identifier: req.user.id, expires: Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS }));
    if (error) return next(new HttpError(500, error));

-    await eventlog.add(eventlog.ACTION_USER_LOGIN, auditSource, { userId: req.user.id, user: users.removePrivateFields(req.user) });
+    await eventlog.add(req.user.ghost ? eventlog.ACTION_USER_LOGIN_GHOST : eventlog.ACTION_USER_LOGIN, auditSource, { userId: req.user.id, user: users.removePrivateFields(req.user) });

    if (!req.user.ghost) safe(users.notifyLoginLocation(req.user, ip, userAgent, auditSource), { debug });